Building an Advanced Mail Server, Part 2

In the first part of this series, we installed the groundwork for our mail
server. The basics of sending and receiving email are in place, with SMTP, POP3,
and IMAP running. Before we get started on the second part, you will want to
make sure you have read "Building
an Advanced Mail Server, Part 1."

Today we are going to add a web interface to our new mail server using SquirrelMail and Apache. I, personally, chose SquirrelMail because it is written in my language of choice, PHP, and it didn't require the installation of any extra IMAP libraries. There are other web front ends out there, such
as Inter7's SqWebMail and Horde's Imp. As I did in the first part of
this series, I will point out shortcuts for Debian users whenever possible.

Apache and PHP

It should be noted that your web front end does not have to reside on your
mail server. I have run web front ends successfully from my web RAIC at work without any problems. If you prefer to separate services onto different boxes, you shouldn't have any problems putting your Apache/PHP/SquirrelMail front end on a different box.

Instructions about compiling Apache and PHP are readily available and are
outside of the scope of this series; however, these are required if you wish to set up
qmailadmin or SquirrelMail. I suggest TLDP's Apache Compile HOWTO. Alternately, you may wish to check out PHP's Installation on UNIX systems page.

All Linux distributions that I can think of come with Apache and PHP. If you
didn't install this combination when you installed Linux, check your
distribution CD or the online archives. If you can't find packages for your
distribution, then you might use ApacheToolbox to automate the compile process of Apache and its various modules.

Once you have Apache up and running, open your httpd.conf file
and create a virtual host for your new web mail front end. You can serve
multiple domains from a single install of SquirrelMail. This means if you have
one client at mail.example1.com and another at
mail.example2.com, they both share the same
DocumentRoot. If you fix a bug for one client, you fix it for
them all.

Your setup may vary, but this has always worked well for me. After you have
made your changes, start or restart Apache. We are now ready to install
SquirrelMail!

Apache and SSL

If you compile Apache with mod_ssl, you will eventually have to
sign a certificate. When you do this, it is important to remember a few things.
First, if you enter a pass phrase for your certificate, you will have to enter
this phrase every time you start or restart Apache. Second, you can only have
one certificate per IP address. To use secure certificates with virtual hosts,
you will have to move to IP-based virtual hosts, with a separate IP for each
virtual host.

SquirrelMail

According to SquirrelMail's homepage, "SquirrelMail is a standards-based
webmail package written in PHP4. It includes built-in pure PHP support for the
IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no
JavaScript required) for maximum compatibility across browsers." I've found
that SquirrelMail is generally easy to work with and hack. With a pervasive
plug-in structure, it's easy to make portable changes to the code.

Installing SquirrelMail

SquirrelMail has a wiki that covers how to install SquirrelMail, as well as a well-written INSTALL file in
the source. If you get lost in any part of the installation process, check both
sources for help. After you have downloaded SquirrelMail, you will need to
unpackage it in your DocumentRoot and set up data directories to
store attachments and preferences.

Remember that not all web servers run as nobody. Older Debian
distributions run as www-data. If you are not sure which user your
web server runs as, open up your httpd.conf file and look for the
line starting with User.

After you have the data directory set up, create a directory for uploaded
attachments. According to the SquirrelMail team, this should be located outside
of the DocumentRoot and owned by somebody else. They suggest
root. You may also want to change upload_max_filesize
in your php.ini file if you wish to allow users to upload attachments larger than 2MB in size. Below is an example.

The SquirrelMail team also suggests to clear this directory periodically
with a cron job, lest aborted emails with attachments linger forever. To
avoid deleting attachments currently in use by people on your system, either
run your cron job at an obscure hour or use find to delete files
older than X days. The SquirrelMail team suggests using the following example
in root's crontab:

Now that the directories and source of SquirrelMail is set up you will need
to configure it. You have two options:

The config/conf.pl script will step you through most of the
setup process.

Copy config/config_default.php to
config/config.php.

If you want to use a database back end for preferences and the address book,
read doc/db-backend.txt for information on setting up those
features. By default, SquirrelMail stores this information in flat files, which
could bog down performance when several users are using the system.

You should now be able to log in to
http://mail.example.com/mail. Remember that SquirrelMail does not
have any user tables; accounts created via vpopmail's
vadduser will instantly be able to log in via SquirrelMail. Before
we install any plug-ins, create index.php in the
DocumentRoot to redirect to /mail.

<?php
header("Location: /mail");
exit();
?>

Installing SquirrelMail Plug-ins

One of the best features of SquirrelMail is its easy-to-use, out-of-the-box,
plug-and-play plug-ins (to use a few buzzword catchphrases). Anyone who can
write PHP should be able to produce a working plug-in in a few minutes. If you are
interested in writing your own plug-ins, you will surely want to read SquirrelMail's page on Developing Plug-ins. We will install the following plug-ins:

compatibility
provides a standard API for plug-in authors who need certain functionalities
that may not be available in older versions of SquirrelMail.

vlogin
enables the ability to log in to virtual hosts based on the
ServerName of the Apache virtual host. If you are running more
than one domain from this server, this is a must.

squirrelspell
enables spell checking while composing new messages in SquirrelMail.

mail_fetch
enables users to fetch POP3 mail from other mail servers and import it into
SquirrelMail.

You can find many other plug-ins on SquirrelMail's plug-in page. After downloading your plug-ins, untar them in the plugins
directory. Next, to enable them either via conf.pl or by editing
config.php. Only vlogin will require any
configuration.

bash$ cd plugins/vlogin
bash$ cp config.php.sample config.php

Now open config.php in your favorite browser and
set up all of your virtual domains. Below is a simple example.

You may wish to change some other configuration variables in that file. Be
sure to read through the entire file: if you do not have vlogin
configured properly, vpopmail virtual domains may not work
properly.

Conclusion

SquirrelMail is a great front end for your new IMAP server, and your roaming
users will be extremely happy to have such a utility available to them while
they're on the road. Plug-ins for SquirrelMail abound and are easy to write, so
changing it to meet your needs shouldn't be a problem.

The only thing left in our quest for the ultimate mail server is the never-ending battle against spam and viruses. In the third and last part of our
series we will be installing SpamAssassin, Qmail Scanner, and ClamAV to ensure that
all incoming mail is checked for spam and scanned for viruses, and that all outgoing
mail is scanned for viruses.

Joe Stump
is the Lead Architect for Digg where
he spends his time partitioning data, creating internal services, and
ensuring the code frameworks are in working order.